GP-013 Risk management
Procedure flowchart
Purpose
To describe the procedure to control and establish the risk management of our medical devices, from its conception throughout design, development, placing into the market and post-market phase (along its life cycle), to guarantee patient safety and remove or minimise risks as much as possible.
Scope
All medical devices developed by us and all processes involved in the product's life cycle.
Responsibilities
JD-001
To approve the risk management plan and procedure.
JD-004
To prepare the risk management plan and procedure in order to develop the risk management, and record the risk analysis and the risk management report.
JD-003
To request the risk management report and evaluate it together with the JD-005 the JD-004.
JD-005
To develop and review the risk management, perform the risk analysis and evaluate the benefit/risk ratio of the risks detected.
Inputs
UNE-EN ISO 14971:2020Regulation (EU) 2017/745 MDRISO/TR 24971:2020- Preclinical and clinical data.
- Risks know and foreseeable.
- Monitoring and measurements of incidents.
- Information collected from PMS and PMCF.
Outputs
T-013-001 Risk management planT-013-002 Risk management recordT-013-003 Risk management report- Risk acceptability.
- Acceptability of the benefit-risk ratio, included within the
T-013-003 Risk management report.
Development
Risk management policy
In this section, we clarify the roles and responsibilities of our senior management and our staff in the risk management process. We also describe the context for risk management as part of the overall system of internal controls and arrangements, outlining the main principles behind the risk management framework. Furthermore, we explain how acceptable risks are determined and define our criteria for risk acceptability.
Risk acceptability criteria
With the goal of providing a framework that ensures that criteria are based upon applicable national or regional regulations and relevant international standards, and taking into account available information such as the generally acknowledged state of the art and known stakeholder concerns, we define our criteria for risk acceptability.
The risk acceptability is based on an analysis of the probability of the occurrence of the harm (P) and the severity of the harm (S) in case that the patient or user is exposed to a hazard.
Severity (S)
The severity values are calculated according to the following table:
| Score | Impact | Severity of product and client | Effect |
|---|---|---|---|
| 5 | Critical | Damage or nuisance capable of causing serious damage to the health of the user or breach of commitments or essential requirements. | Loss or degradation of primary function or death and / or non-compliance with requirements. |
| 4 | Serious | Harm or nuisance capable of causing severe or significant harm to the user or non-compliance with QMS capable of endangering compliance with essential and non-essential commitments or requirements. | Permanent impairment or irreversible injury and / or minor non-conformities that may lead to direct non-compliance with requirements or lack of evidence |
| 3 | Major | Damage or nuisance capable of causing minor or slight damage to the user or non-compliance with QMS capable of endangering compliance with non-essential requirements. | Injury or impairment requiring medical or surgical intervention and / or minor non-conformities that may lead to direct non-compliance with requirements or lack of evidence |
| 2 | Minor | Nuisance in the absence of danger to the user or small errors in the manufacturer's QMS that does not jeopardize compliance with requirements. | Temporary injury or impairment not requiring medical or surgical intervention and / or non-conformities of regulatory requirements |
| 1 | Negligible | No discernible effect or detriment to the ability to meet requirements | Inconvenience or temporary discomfort |
| 0 | None | None | None |
Probability (P)
The probability values are calculated according to the following table:
| Score | Probablity | Meaning |
|---|---|---|
| 5 | Frequent | It is very probable that happens. When the dangerous situation occurs, there is a possibility between >75% that it could lead to damage to the patient. |
| 4 | Probable | It is probable that happens. When the dangerous situation occurs, there is a possibility between >50% ≤75% that it could lead to damage to the patient. |
| 3 | Occasional | It is possible that happens often. When the dangerous situation occurs, there is a possibility between >10% ≤50% that it could lead to damage to the patient. |
| 2 | Remote | It is probable that happens some time. When the dangerous situation occurs, there is a possibility between >0,1% ≤10% that it could lead to damage to the patient. |
| 1 | Improbable | It not impossible that happens but exists some possibility it is that happens . When the dangerous situation occurs, there is a possibility ≤ 0,1% that it could lead to damage to the patient. |
| 0 | Impossible | It is impossible that happens |
When the probability of occurrence of harm cannot be estimated, the probability will be assigned in terms of detectability.
The detectability can be estimated according to the following table:
| Score | Detectability | Meaning |
|---|---|---|
| 5 | REMOTE | Detection probability <10%. Very remote chance that potential hazard will be detected |
| 4 | LOW | Detection probability <25%. Low chance that potential hazard will be detected |
| 3 | MODERATE | Detection probability <50%. Moderate chance that potential hazard will be detected |
| 2 | HIG | Detection probability <80%. High chance that potential hazard will be detected |
| 1 | ALMOST CERTAIN | Detection probability <100%. Potential hazard will almost certainly be detected |
Approach to risk control
In general terms, we pursue a strategy of reducing risk as far as possible without adversely affecting the benefit-risk ratio. This is our general approach to risk control. However, certain risks may require an approach based on reducing risk as low as reasonably practicable, or even reducing risk as low as reasonably achievable, due to the nature of the risk.
Our top management reviews the suitability of the risk management process in the management review meetings to ensure continuing effectiveness of the risk management process.
Risk acceptability
For each identified hazardous situation, we decide the risk reduction measure based on its risk level. To quantify this, we use the RPN (Risk Priority Number).
As seen in the R-TF-013-002 Risk mangement record of every device, the risk estimation is the product of the severity multiplied by the probability, from 1 to 25. These values of probability and severity are based on technical previous experience, the state of the art and the foreseeable subjective evaluation.
As a restult, we establish three ranges of acceptability, depending on the RPN.
| RPN | Acceptability |
|---|---|
| From 0 to 5 | Acceptable: the risk is acceptable |
| From 6 to 12 | As far as possible (AFAP): only acceptable if accompanied by minimization actions. |
| From 13 to 25 | Not acceptable: a benefit-risk analysis is required. |
This results in the following matrix:
PROBABILITY OF OCURRENCE | 5 | Acceptable | As far as possible | Not acceptable | Not acceptable | Not acceptable | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|
4 | Acceptable | As far as possible | As far as possible | Not acceptable | Not acceptable | ||||||
3 | Acceptable | As far as possible | As far as possible | As far as possible | Not acceptable | ||||||
2 | Acceptable | Acceptable | As far as possible | As far as possible | As far as possible | ||||||
1 | Acceptable | Acceptable | Acceptable | Acceptable | Acceptable | ||||||
1 | 2 | 3 | 4 | 5 | |||||||
SEVERITY OF HARM | |||||||||||
Evaluation and criteria for individual benefit-risk acceptability and the overall residual risk
The method to evaluate the criteria for individual benefit-risk acceptability and the overall residual risk considers the clinical benefits provided by the performance of the intended use of the medical device.
The individual residual risk acceptance follows the same criteria as the one established for the general risks, and it is indicated in the following table, and it is detailed at the corresponding R-TF-013-002 Risk management record
PROBABILITY OF OCURRENCE | FREQUENT | 5 | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
PROBABLE | 4 | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | ||||||
OCCASIONAL | 3 | Acceptable | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | ||||||
REMOTE | 2 | Acceptable | Acceptable | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | ||||||
IMPROBABLE | 1 | Acceptable | Acceptable | Acceptable | Acceptable | Acceptable | ||||||
| 1 | 2 | 3 | 4 | 5 | ||||||||
| NEGLIGIBLE | MINOR | MAJOR | SERIOUS | CRITICAL | ||||||||
| SEVERITY | ||||||||||||
Moreover, we use experts to support the evaluation of the overall residual risk, taking into consideration each of the individual residual risks, in relation to the benefits expected from the medical device under consideration. These experts have knowledge and experience with similar medical devices.
The global benefit-risk ratio is based on general acceptability of the product and evidenced by the R-TF-015-003 Clinical evaluation report (CER) and periodically revised and re-validated as shown in the Clinical Evaluation Plan (R-TF-015-001 Clinical evaluation plan (CEP)), or when new hazards are identified and they require assessment and evaluation.
A visual representation, in form of a chart, of each of the residual risks is also used, giving a graphic view of the distribution of the risks. If many of the risks are in the higher severity regions or in the higher probability regions of the risk matrix, then the distribution of the risks can indicate that the overall residual risk might not be acceptable, even if each individual risk has been judged acceptable.
The results of the evaluation of the overall residual risk are documented in the R-TF-013-002 Risk Management Record.
Principles and governance
Our risk management approach reflects the following principles:
- Ensuring patient safety
- Addressing both value protection and value creation
- Ensuring that roles and responsibilities are explicit and clear
- Ensuring that the process for managing risk is fit for purpose
- Ensuring compliance with the applicable regulatory requirements
- Ensuring safety, performance and effectiveness of the medical device
And will be embedded in our governance structures as follows:
- Our top management is the responsible for the risk management policy and for making sure of the implementation of the policy.
- The top management is also responsible for defining a sound system of internal control that supports the achievement of policies, aims and objectives while safeguarding the public.
- If and when the corporate structure changes, the organisation will ensure that the top management continues to lead and take responsability for the commitment to risk management.
Commitment to risk management
Top management has the responsibility to establish and maintain an effective risk management process. We are commited to implementing an integrated risk management system in line with international reference standards, namely UNE-EN ISO 14971:2020, and guided by the following principles:
- Leadership of management: our management will provide the necessary resources and ensure that the organization works in accordance with these principles.
- Integration in management processes, especially those related to strategy and planning.
- Comprehensive and harmonized management, so that all risks are managed through a common process for identification, evaluation, and treatment.
- Continuous improvement, through periodic reviews of the management framework.
General requirements for our risk management system
Risk management process
We establish, implement, document and maintain a continuous process throughout the product lifecycle to identify the hazards and hazardous situations related to the medical device, estimate and evaluate the associated risks, control these risks, and monitor the effectiveness of the risk control measures. This process must include:
- Risk analysis
- Risk evaluation
- Risk control
- Production and post-production data
The risk management process will be integrated in all the procedures established at this QMS, especially GP-004 Vigilance System, GP-006 Non-conformities. Corrective and preventive actions, GP-007 Post-Market Surveillance and GP-014 Feedback and complaints.
We develop a risk management system based on the standard UNE-EN ISO 14971:2020.
Management responsibilities
The top management of the company:
- Ensures the availability of adequate resources, including the assignment of competent personnel, for risk management.
- Defines and documents the global risk acceptability criteria mentioned in this procedure.
- Checks the adequacy of the risk management process at planned intervals to ensure continuing effectiveness of the process (
GP-002 Quality planning). Any decisions and actions taken will be documented in theT-002-004 Management review report.
Competence of staff
Staff involved in risk management will have sufficient experience, skills and knowledge to carry out the assigned tasks. The working team responsibilities will be documented in the corresponding T-005-001 Job description and they also will be described at the T-013-001 Risk management plan. Each T-013-002 Risk management record will be edited and reviewed by the people with the greatest knowledge and experience depending on the case, in relation to their knowledge of technologies, regulatory requirements, formation and others.
It is the responsibility of the JD-001 to select the responsible of each task, which are documented in each T-013-002 Risk management record, showing the name and signature of the responsible individuals.
Risk management plan
Risk management team
The risk management team establishes and documents a T-013-001 Risk management plan.
To be part of the team, it is necessary to meet the following conditions:
- To have received specific training in the application of the risk management procedure according to the applicable regulations (MDR 2017/745 and ISO 14971),
- &/or deep knowledge of the product, the manufacturing or development process, the analysis and test methods used, and basic knowledge in the medical device requirements (ISO 13485).
The team performing the risk mangement must be comprised by persons with knowledge and experience of not just risk management, but also with knowledge on the medical device, technologies involved and its use.
The responsibilities are defined at the corresponding T-005-001 Job description and the qualification for each of the components is registered in the T-005-002 Personnel card.
Risk management plan content
The minimum essential content of the T-013-001 Risk management plan, which will be reviewed every year, is:
- Scope: description of the risk management purpose and activities, identifying and describing the medical device and the life cycle phases.
- Terms and definitions: description of the most important concepts related to risk management.
- Assignment of responsibilities and authorities.
- Requirements for the review of the risk management activities.
- Criteria for risk acceptability.
- Evaluation and criteria for acceptability of the overall residual risk.
- Verification activities for the implementation and effectiveness of risk control measures.
- Collection and review of relevant production and post-market information.
- Planning of the risk management activities: relationship among the phases of the product's life cycle, the risk management activities and the related documentation.
The risk management process will be established in each phase of the product's life cycle, according to each step defined in this procedure.
Risk management record
The compnay establishes and maintains a Risk management record (T-013-002) according to the applicable requirements.
The T-013-003 Risk management record considers the following types of risks:
- Requirements risks (user, technical and regulatory)
- Product risks
- Processes risks
- Infrastructure risks
- Personnel training risks
- Safety and security characteristics (according to Annex A & F of the UNE-EN ISO 24971:2019)
Each record contains, at least:
- Hazards and hazardous situations
- Type of risk
- Risk analysis (estimation):
- Foreseeable sequence of events
- Harms
- Risks
- Parts/people affected
- Potential causes/mechanisms of failure
- Initial risk evaluation
- Severity (S) and probability (P) identification
- RPN (Risk Priority Number) = S x P
- Risk control
- Control method selected option (according to UNE-EN ISO 14971:2020)
- Inherently safe design and manufacture
- Protective measures in the medical device itself or in the manufacturing process
- Information for safety and, where appropriate, training to users
- Implanted mitigation measures
- Responsible
- Implemented control measures verification
- Control method selected option (according to UNE-EN ISO 14971:2020)
- Evaluation of overall residual risk
- Severity and probability identification
- RPN (Risk Priority Number)
- Risk level, according to the cover of each
T-013-002 Risk management recordand/or the product'sT-013-001 Risk management plan, its acceptability and risk level matrices:- Acceptable
- AFAP (“As Far As Possible”). Review required, acceptable with current risk minimization measures.
- Unacceptable
- Risk acceptability, according to cover of each
T-013-002 Risk management recordand/or the product'sT-013-001 Risk management plan, its acceptability and risk level matrices:- Yes, acceptable
- Pending, it is required a risk minimization action
- No, unacceptable
- Risk minimization for residual risk:
- Control method selected option (according to UNE-EN ISO 14971:2020)
- Inherently safe design and manufacture
- Protective measures in the medical device itself or in the manufacturing process
- Information for safety and, where appropriate, training to users
- Control method based on the combination of some or all the previous.
- Additional control measures
- Control method selected option (according to UNE-EN ISO 14971:2020)
- Assessment of risks arising from risk control measures
- Yes
- No
- Acceptability of the individual benefit-risk ratio
The risk acceptability value for residual risks is documented in the correponding section of this procedure, and it will be based on a specific matrix where the harm probability and severity are related.
In case of having more than one product, we will identify the specific product as part of the file name. For example, for product 1 and product 2, the name of the files will be:
- TF-R-013-002_Risk Management Record_Product 1 name_YYYY_nnn
- TF-R-013-002_Risk Management Record_Product 2 name_YYYY_nnn
Currently, we only develop and manufacture a single product.
The T-013-002 Risk management records will have a color code to identify:
- Risk level
- Risk acceptability
- Benefit-risk analysis
These colors are:
- Red color: unacceptable.
- Yellow color: AFAP (As Far As Possible), acceptable with current risk minimization measures.
- Green color: acceptable.
Risk analysis
Risk analysis process
The risk analysis process must be done for each medical device, specifying the risk directly associated with each product and the related processes.
The risk analysis plan consists in:
- Description of the product and its intended use (Technical File and Risk Management Plan).
- Identification of known and foreseeable hazards (Risk Management Records).
- Risk estimation for each hazard (Risk Management Records).
The people involved in each risk analysis record are named at the signature meaning section, identifying the responsibility and assigned task.
Finally, each responsible signs the document according to GP-001 Documents and records control.
Intended use and reasonably foreseeable misuse
The medical device intended use is documented in the Technical File and in the T-013-001 Risk management plan considering the intended medical indication, the patient population, the user profile, the use environment and the operating principle.
Likewise, the company documents the product reasonably foreseeable misuse in the T-013-002 Risk management record.
Identification of characteristics related to safety
The qualitative and quantitative characteristics that could affect the safety of the medical device and, when applicable, the limits of these characteristics are documented in the Technical File T-013-003 Risk management report.
Identification of hazards and hazardous situations
The identification of known and foreseeable hazards based on the intended use, the reasonably foreseeable misuse and the characteristics related to safety of the medical device, is documented in each T-013-002 Risk management record, in the column named “HAZARD AND HAZARDOUS SITUATION”, under normal conditions of use and failure conditions.
It will be based on a previous analysis documented in the T-013-001 Risk management plan.
Risk estimation
For each identified hazardous situation, we estimate the associated risk value using the rationale and the formula explained in the Risk Management Policy section. The risk estimation is registered for each risk at the T-013-002 Risk management record.
Risk evaluation
Risk level
For each identified hazardous situation, we decide the risk reduction needed based on its risk level. We define the risk level using the rationale and the formula explained in the Risk Management Policy section. This information will be registered in the T-013-001 Risk management plan and in the glossary of each T-013-002 Risk management Record.
Risk acceptability
We define the risk level using the rationale and the formula explained in the Risk Management Policy section.
Risk control
Risk mitigation
When a risk reduction is required, the following actions to mitigate or eliminate the risk developed should be taken.
Risk control option
To reduce the risks to an acceptable level, we determine a set of risk control measures that may be appropiate for each risk. In order of priority, the actions to be taken must be grouped as:
- Inherently safe design and manufacture (intrinsically safe design and construction (annex A of the standard
UNE-CEN ISO/TR 24971:2020)): to eliminate a particular hazard, reduce the probability of occurrence of the harm or reduce the severity of the harm. This includes improvements of the characteristics such as precision, reliability, automation of stages prone to mistakes, ease of use, or others. We apply a FMEA (Failure Mode and Effects Analysis) method to identify steps to prevent nonconforming products. - Protective measures in the medical device or in the manufacturing process: if improvements in the manufacturing process are not feasible, additional controls may be required, such as inspection of input materials, in-process testing, reference materials to ensure metrological traceability, or final testing.
- Information for safety and, where appropriate, training to users, such as instructions, warnings and other specific information (descriptive means).
Information for safety is not a control option, since chapter III of annex I of MDR 2017/745 specifies that users must be informed about residual risks, so additional risk reduction should not be attributed to the information provided to users (annex A of the standard UNE-CEN ISO/TR 24971:2020).
Implementation and verification of effectiveness risk control measures
Regarding verification activities, two different verifications activities are required by the harmonized standard UNE-EN ISO 14971:2020. As such, we carried out the following activities:
- Verification of implementation of risk control measures is carried out to ensure that the risk control measures have been implemented in the final design.
- Verification of the effectiveness of the risk control measurers is carried out to ensure that the measures implemented actually reduce the risks.
The evidence for verification of implementation and effectiveness of risk control measures are collected in the R-TF-013-002 Risk Management Record, in the columns named “Implanted mitigation measure”, and also in the column "Verification of control measure" which is documented by the responsible of verifying the activity.
Residual risk evaluation
Individual residual risks are evaluated by the same method and with the same criteria for risk acceptability as the initial risks. The residual risk is either acceptable or unacceptable. It specifies the new probability and severity (after the verification of the measures), corresponding to the latter residual risk assessment.
The measures are verified in relation to their effectiveness evaluating their new probability value. Typically, the severity value is considered the same than it was originally, except in concrete cases:
- When the risk responsible considers that it was assessed an extremely low value in old versions.
- When the measures taken can actually minimize the related hazard.
As a general principle, the control and minimization measures are orientated towards reducing the probability, but only in certain cases it will possible to reduce the harm severity, if it appears. When this assessment obtains an unacceptable value, we take minimization measures to reduce the risks to acceptable levels, update the actions and repeat the process of actions control.
The residual risks that should be known by the user are incorporated into the documentation provided to the user together with the product.
Benefit-risk analysis
We carry out an assessment of the global benefit-risk analysis, documenting it in the T-013-003 Risk management report.
Additionally, in order to analyze each individual risk according to annex A of the standard UNE-CEN ISO/TR 24971:2020, at the T-013-002 Risk Management Record we evaluate the acceptability of clinical benefit in comparison with their risks at the end of each risk.
Each risk documented in the T-013-002 Risk Management Record will be assessed in relation to the previous experience, the state of the art, the harmonized standards, and the preclinical and clinical data.
Each individual risk will be analyzed in comparison with the benefit-risk ratio acceptability matrix, developed in the T-013-001 Risk management plan, analyzing its specific probability, severity and resultant risk value.
Benefit-risk acceptability
PROBABILITY OF OCURRENCE | FREQUENT | 5 | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
PROBABLE | 4 | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | ||||||
OCCASIONAL | 3 | Acceptable | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Not acceptable, conduct a Benefit-Risk analysis | ||||||
REMOTE | 2 | Acceptable | Acceptable | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | Consider conducting a Benefit-Risk analysis | ||||||
IMPROBABLE | 1 | Acceptable | Acceptable | Acceptable | Acceptable | Acceptable | ||||||
| 1 | 2 | 3 | 4 | 5 | ||||||||
| NEGLIGIBLE | MINOR | MAJOR | SERIOUS | CRITICAL | ||||||||
| SEVERITY | ||||||||||||
Risk acceptability or rejection criterion
- No, unacceptable
- Pending, it is required a risk minimization action
- Yes, acceptable
Risk resulting from control actions
The effects of the risk control measures should be reviewed in relation to:
- The introduction of new hazards or hazardous situations.
- If the estimated risks for previously identified hazardous situations are affected by the introduction of the risk control measures.
The new risks will be managed according to the process defined in this document. When a new risk appears, the responsible creates a new entry in the T-013-002 Risk Management Record, creating a new version of the record. The new entry will have as initial probability the same value than the previous one had as “RESIDUAL RISK EVALUATION”. When the current action has not been verified, it is moved to the new entry of the record with the same action, and initial probability, for the required action verification.
Completeness of risk control
We ensure that all the risks derived from all the identified hazards are being considered. At each T-013-002 Risk Management Record, hazards and hazardous situations with their foreseeable sequence of events, harms, risks, parts/people affected and potential causes/mechanisms of failure, in every case.
The risk control measures are documented in the T-013-002 Risk Management Record, in the columns “IMPLANTED MITIGATION MEASURES” and “IMPLEMENTED CONTROL MEASURES VERIFICATION” (when they have been verified).
Evaluation of overall residual risk
After the implementation of the actions, and their verification, we decide if the risks are acceptable regarding the values defined in the T-013-001 Risk management plan.
The acceptability of the risks is related to the benefit-risk ratio. A product with a clear benefit in relation to its risks will have greater acceptable value; on the contrary, a product with a low relationship should be analyzed with a more restrictive level of acceptability.
The T-013-002 Risk Management Record show the acceptability of the risk, assessing the RPN value and benefit-risk ratio, as "acceptable", "as far as possible (AFAP)" or "not acceptable".
When the risk level is classified as AFAP, the acceptability is conditioned to a minimization measure in place. According to the risk level matrix and the benefit-risk ratio acceptability matrix, its acceptability depends on values of probability, severity and RPN (combination of them).
For the residual risks that are considered acceptable, it will be necessary to decide which residual risks to reveal and to include in the documentation for clients (IFUs, labels and any other document related to the medical device that contains technical specifications or other when it is aimed to the customers communication).
Risk management review
Before the product commercialization, we make a review of the risk management process, guaranteeing that at least:
- The Risk Management Plan has been appropriately executed.
- The overall residual risk is acceptable.
- Appropriate methods are in place to collect and review relevant production and post-production information.
This review is documented at the T-013-003 Risk management report, that must contain the following information:
- Reference to the risk analysis plan.
- Records of risk analysis performed.
- Risk evaluation.
- The overall residual risk evaluation
- Implementation and verification of established control methods
- Assessment of the acceptability of possible residual risks.
The T-013-003 Risk management report will be reviewed annually, when a new hazard is identified or when a known hazard requires the redesign of control actions. The document will be edited, revised and approved by the responsible people specified in the document itself.
Production and post-production activities
Once the production process has begun, an evaluation of the production data must be carried out periodically, as well as the data obtained in accordance with the procedures GP-004 Vigilance system, GP-006 Non-conformity. Corrective and preventive actions, GP-007 Post-market surveillance and GP-014 Feedback and complaints. During this evaluation, we will determine if:
- Previously unrecognized hazards or hazardous situations are present.
- An estimated risk arising from a hazardous situation is no longer acceptable.
- The overall residual risk is no longer acceptable in relation to the benefits of the intended use.
- The generally acknowledged state of the art has changed.
- A re-evaluation should be done to check the impact on previously implemented risk management activities.
- It is necessary to implement new risk control measures.
- It is necessary to establish a different control.
- The results of this evaluation are considered an input for the review of the suitability of the risk management process by top management according to
GP-002 Quality planning.
Regarding each particular medical device or family of medical devices:
- We will review each medical device risk management file and determine if reassessment of risks and/or assessment of new risks is necessary.
- If a residual risk is no longer acceptable, we will evaluate the impact on previously implemented risk control measures and we will consider it as an input for modification of the medical device.
- We will consider the need for actions regarding medical devices on the market.
- We record any decisions and actions in the risk management file.
Associated documents
GP-002 Quality planningT-002-004 Management review reportT-005-001 Job descriptionT-005-002 Personnel cardT-013-001 Risk management planT-013-002 Risk Management RecordT-013-003 Risk management reportGP-004 Vigilance systemGP-006 Non-conformity. Corrective and preventive actionsGP-007 Post-market surveillanceGP-014 Feedback and complaints
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Author: Team members involved
- Reviewer: JD-003
- Approver: JD-004